Help, if you can-
The situation:
includes a remotely hosted javacript file (.js).
The goal is to just get an alert from the remotely hosted php script on foobar
I have tried the following code in stuff.js:
$.ajax({
type: "GET",
url: ".php?callback=?",
dataType: 'jsonp',
success: function(result) { alert(result); }
});
No luck.
$.getJSON(".php?jsonp=?",
function(data) { alert(data); }
);
Also no luck.
On the php side I have tried both the following:
return json_encode(array(0 => 'test'));
echo json_encode(array(0 => 'test'));
In Firefox I get a security error. I understand that it thinks I'm violating the security model. However, according to the jquery documentation, I should be able to acplish this.
Help, if you can-
The situation:
http://foobar. includes a remotely hosted javacript file (http://boobar./stuff.js).
The goal is to just get an alert from the remotely hosted php script on foobar.
I have tried the following code in stuff.js:
$.ajax({
type: "GET",
url: "http://www.boobar./script.php?callback=?",
dataType: 'jsonp',
success: function(result) { alert(result); }
});
No luck.
$.getJSON("http://www.boobar./script.php?jsonp=?",
function(data) { alert(data); }
);
Also no luck.
On the php side I have tried both the following:
return json_encode(array(0 => 'test'));
echo json_encode(array(0 => 'test'));
In Firefox I get a security error. I understand that it thinks I'm violating the security model. However, according to the jquery documentation, I should be able to acplish this.
Share Improve this question edited Sep 26, 2011 at 18:44 lewsid asked Apr 15, 2009 at 15:48 lewsidlewsid 1,9102 gold badges17 silver badges19 bronze badges 1- So what I ended up doing, since it was just a GET - no data need to be retrieved - I used JQuery to create a hidden iframe with the URL including the variables I wanted to pass set as the source. Worked like a charm. To all who provded feedback - Thanks! – lewsid Commented Apr 16, 2009 at 13:49
6 Answers
Reset to default 8The error seems to be a security feature of the Same Origin Policy: to simplify, you can only make AJAX requests for stuff on the originating server (http://foobar.). One way around this is to make a simple facade on the originating server, e.g.:
<?php
// this file resides at http://foobar./getstuff.php
echo file_get_contents('http://www.boobar./script.php?callback=?'
. $possibly_some_other_GET_parameters );
?>
Then, from foobar., you can make an AJAX request for http://foobar./getstuff.php (which in turn makes a HTTP GET request from your web server to boobar. and sends it back to the browser).
To the browser, the request goes to the origin server, and is allowed (the browser has no way of knowing that the response es from somewhere else behind the scene).
Caveats:
- the PHP config at foobar. must have
allow_url_fopenset to "1". Although this is the default setting, some servers have it disabled. - the request to www.boobar. is made from foobar. server, not from the browser. That means no cookies or user authentication data are sent to www.boobar., just whatever you put into the request URL ("
$possibly_some_other_GET_parameters").
You can get data from another server asynchronously using script tags and json:
<script type="text/javascript" src="http://somesite./path/to/page/"></script>
You can use this to dynamically load a remote javascript (by created a new script element and setting the src attribute, then loading into the DOM), which could set a variable. However, you need to really trust the remote site, because the JS will be evaluated without any precondition.
There is a method called window.name transport or window.name method which uses a general browser bug(not sure if this is a bug actually). You make the request through an iFrame and the loaded page puts the information you need to the "name" property of the JavaScript window object of itself.
This method uses a "blank.htm" since it first navigates to the target page and then goes back to the blank.htm page to overe the "same origin policy" restriction.
Dojo have implemented this and you can find a more detailed explanation here.
Also I have implemented a cross-domain XMLHttpRequest object based on this method in the library I have written which can be found here.
You may not be able to use the library since it will need 1 or 2 additional libraries which can be found here.
If you need further help in implementing it in your style, I'll try to do my best.
So what I ended up doing, since it was just a GET - no data need to be retrieved - I used JQuery to create a hidden iframe with the URL including the variables I wanted to pass set as the source. Worked like a charm. To all who provded feedback - Thanks!
How about this !! Using a php proxy.
Cross-Domain AJAX calls using PHP http://www.phpfour./blog/2008/03/cross-domain-ajax-using-php/
jQuery .ajax also has a setting 'crossDomain'.
http://api.jquery./jQuery.ajax/
crossDomain (default: false for same-domain requests, true for cross-domain requests) Type: Boolean If you wish to force a crossDomain request (such as JSONP) on the same domain, set the value of crossDomain to true. This allows, for example, server-side redirection to another domain. (version added: 1.5)